{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/rss_qp/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-46084"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["rdma","mana_ib","rss_qp","rx_steering","cve-2026-46084"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-46084 is a vulnerability in the RDMA (Remote Direct Memory Access) subsystem, specifically within the mana_ib driver. The vulnerability stems from a failure to properly disable RX steering when an RSS QP (Receive Side Scaling Queue Pair) is destroyed. While the exact nature of the impact is not detailed in the provided source, such a flaw could potentially lead to denial of service conditions, information disclosure, or privilege escalation within the affected system. The security update addresses this issue by ensuring RX steering is correctly disabled, mitigating the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains initial access to a system with RDMA enabled and the vulnerable mana_ib driver loaded.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious RDMA request targeting the affected system.\u003c/li\u003e\n\u003cli\u003eThe request triggers the creation of an RSS QP.\u003c/li\u003e\n\u003cli\u003eThe attacker initiates a process to destroy the RSS QP without properly disabling RX steering.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability, RX steering remains active after QP destruction.\u003c/li\u003e\n\u003cli\u003eSubsequent RDMA traffic may be misdirected or processed incorrectly due to the orphaned RX steering configuration.\u003c/li\u003e\n\u003cli\u003eThis can lead to unexpected system behavior, potentially causing a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eIn a more sophisticated attack scenario, the attacker could leverage the vulnerability for information disclosure or privilege escalation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-46084 could lead to a denial-of-service condition, where the affected system becomes unresponsive or unstable. While the specific impact details are not provided in the source, the nature of RDMA vulnerabilities suggests potential for privilege escalation or information disclosure in certain scenarios. The number of potential victims would depend on the prevalence of systems using the affected RDMA configuration.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft to address CVE-2026-46084 and ensure RX steering is properly disabled on RSS QP destroy.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect attempts to exploit this vulnerability by monitoring for suspicious RDMA QP destroy events.\u003c/li\u003e\n\u003cli\u003eClosely monitor systems with RDMA enabled for unusual network activity or system instability that could indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eReview RDMA configurations to ensure they adhere to security best practices and minimize the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T07:21:12Z","date_published":"2026-05-28T07:21:12Z","id":"https://feed.craftedsignal.io/briefs/2026-05-rdma-rx-steering-vuln/","summary":"CVE-2026-46084 is a vulnerability related to RDMA/mana_ib that requires disabling RX steering on RSS QP destroy, potentially leading to denial of service or privilege escalation.","title":"CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy","url":"https://feed.craftedsignal.io/briefs/2026-05-rdma-rx-steering-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — Rss_qp","version":"https://jsonfeed.org/version/1.1"}